Tackling Global Threats in Common

F.Y. Teng | May 24, 2012

A strong case for more industry cooperation in the business of information security and risk management.

The Founder, CEO and CTO of specialised information security firm FireEye, Ashar Aziz, gave MIS Asia an interview earlier this month (May 11), in which he discussed strategies being employed by organisations across the globe from the public and private sectors on the security front, the evolving practices of cybercriminals, and his company's approach to carrying on the fight against bad guys traversing our networks. Below is the expurgated transcript of that interview.

Talk about the global threat landscape as you see it developing.

It's no secret that advanced targeted attacks are on the rise; they've been occurring at an incredibly alarming rate and frequency. 2010 and 2011 had been very active years for malware attacks, creating many public headlines as a result. The victims of these attacks were high profile enterprises, including Google, RSA, Symantec and Zappos, just to name a few.

The progression and evolution of malware is alarming, with it changing from a rather simple and disruptive nuisance to the much more sophisticated advanced malware variants that we are seeing today.

Whether it's a nation-state sponsored attack or a cyber criminal organisation, today's advanced malware variants are custom developed and highly targeted, and as a result these attacks are bypassing traditional defenses.

Interestingly, many attacks are designed to enable further attacks on even more valuable targets. For example, the RSA attack led to attacks on Lockheed, L3, and Northrop (http://www.eweek.com/c/a/Security/Northrop-Grumman-L3-Communications-Hacked-via-Cloned-RSA-SecurID-Tokens-841662/).

This highlights that breaches are increasingly common due to flaws in common applications and plug-ins like Adobe Reader. Persistent flaws show that break-ins like the RSA data breach or theft of Symantec source code are straightforward given today's traditional defenses.

An important thing to note is that we see all of these attacks in the headlines, from RSA to Google or even more recently Zappos. But it is the unwritten headlines that we should be concerned about. It is a fact that if relying on traditional signature-based defenses, virtually every enterprise can be compromised if targeted by an advanced malware attack. The traditional defenses that are in place in today's enterprise architecture (firewalls, IPS/IDS, spam firewalls, web gateways) will not prevent the methods and dynamic content that are being assembled and 'weaponized' during the initial exploit phase of an advanced targeted attack.

These attacks are typically blended across multiple inbound vectors, and it's important to understand that these types of attacks are continuing to make it through traditional defenses.

The vast majority of these attacks are blended, such as the Google attack in 2010. In the Google attack, they used a spear phishing email containing a malicious URL in the body of the message as the weapon of choice. The email was carefully crafted in order to fool the targeted victim into clicking on the URL. Once clicked, unknown to the targeted victim, the initial exploit phase of the attack had just succeeded. The same is true of the more recent example, the RSA attack, which again began with a targeted spear phishing email. But this time it contained a malicious email attachment, which fooled the user into opening the file.